Compliance

Updated January 22, 2018: HHS and fifteen other federal departments and agencies have delayed implementation of the revised Common Rule for six months. Originally set to take effect on January 19, 2018, the effective date and compliance deadline have been deferred until July 19, 2018.

The delay will provide institutions with at least six months to prepare for eventual implementation and compliance with the 2018 requirements—which might come as welcome news to those who were unprepared to meet the original deadline.

Currently, HHS and the fifteen other agencies are working toward a proposal to even further delay implementation of the revised Common Rule and will be seeking feedback and public comment via the rulemaking process.

Contracts Associates will continue to monitor the status of the revised Common Rule very carefully and will update this blog with any important new insights. If you have any questions about the changes, we encourage you to contact our office at 781-598-8000 or email our CEO, Colleen Sproul, at cms@contractsassociates.com so that we can provide you with the most current information regarding changes and compliance.

[Originally Published on January 4, 2018] The U.S. Department of Health and Human Services (HHS) has proposed a one-year delay in implementation of the revisions to the Common Rule. The updated rule was set to take effect on January 19, 2018 with compliance expected on the same date. But, as of this writing, the effective date and the applicability of the revised Common Rule is uncertain.

During the waning days of the Obama administration, the final text of the updated Common Rule was released by HHS. Upon entering office, the Trump administration immediately froze all new or pending regulations left over from the previous administration to allow them to be reviewed by the new President’s appointees. Implementation of the Common Rule changes was accordingly placed on hold.

What are the Revisions to the Common Rule?

The Common Rule, or the Federal Policy for the Protection of Human Subjects, is a set of regulations governing federally-funded research involving human participants, their data and biospecimens. First promulgated in 1991 and not updated since 2005, HHS proposed updating the Common Rule to reflect the rapidly-changing research landscape, especially in terms of human subject data and advancing digital technologies.

The revision process began in 2011 with the goal of enhancing protections of participants (relative to informed consent and data) and reducing administrative burdens. The Common Rule underwent significant revision with informed consent provisions requiring “a concise and focused presentation of the key information” in contracts. The updated rule also requires informed consent provisions to explain, among other things, the purposes of the research, risks and benefits of participation, and any appropriate alternatives so that a “reasonable person” can more easily decide whether or not to participate in the research.

In addition, the new rule requires that a version of the consent form that was used for enrollment purposes for each clinical trial be posted to a federal website. It also allows for gaining broad consent for secondary research use of identifiable data and biospecimens of participants.

So What Happens Next?

The Office of Management and Budget (OMB) is currently reviewing the proposal by HHS to delay implementation and compliance by one year. Along with the one-year delay, HHS is considering allowing three burden-reducing provisions to be implemented during the delay to ease administration. Precisely which three provisions remains unclear as they have not been specifically enumerated and the proposal currently exists as a title with no accompanying text.

It is unclear whether both the effective and compliance date would be pushed back, or only the compliance date, or whether there will be no changes at all and the new rule will be fully implemented on January 19, 2018. The possibility of delay in compliance might be seen as good news to some institutions who are unprepared to comply with the new rule and need time to make necessary changes. But as of now, the future of the revised Common Rule is unknown.

Contracts Associates will continue to monitor the status of the revised Common Rule very carefully and will update this blog with any important new insights. If you have any questions about the changes, we encourage you to contact our office at 781-598-8000 or email our CEO, Colleen Sproul, at cms@contractsassociates.com so that we can provide you with the most current information regarding changes and compliance.

As of May 25, 2018, U.S. sponsors of clinical studies conducted in the European Union must be in compliance with the EU’s new General Data Protection Regulation (“GDPR”) or risk the possibility of significant fines.

U.S. sponsor companies must contend with this new EU regulation and the learning curve will likely be steep—especially as the GDPR requirements contrast sharply with the U.S.’s lack of any meaningful privacy regulation.

Companies found to be in non-compliance with the GDPR risk significant fines – possibly up to 4% of total worldwide annual turnover of the preceding financial year or 20 000 000 EUR, whichever is larger. The GDPR applies to the processing of personal data which includes subjects’ names, addresses, medical information, and more—regardless of whether the processing takes place in the EU or not.

We expect that our clients will be particularly impacted by the provisions related to the stringent, new contractual Informed Consent requirements for terms concerning use of bio specimens.

The GDPR also mandates the appointment of a senior-level Data Protection Officer with expertise in data protection law. This DPO will report directly to a C-suite executive. The law also requires companies to comply with certain processes for data protection and data management.

Contracts Associates is prepared to help your company successfully navigate this new regulatory framework. Our team of attorneys can help minimize the risk of penalties by updating your contracts to ensure that all informed consent language is GDPR-compliant with regard to sample and data usage. We will help your company uphold its legal duties and obligations to EU sites and vendors by drafting new contract template terms as needed. We encourage you to start your GDPR-compliance planning by contacting our office at 781-598-8000 or emailing our CEO, Colleen Sproul, at cms@contractsassociates.com